Provide access to QSslCertificate on OpenSSL free Windows builds

The QSslCertificate class can parse and provide details about SSL
certificates without a proper backend, this can for instance be used
by QtWebEngine to provide metadata about certificates, even on Windows
builds without OpenSSL, as QtWebEngine does not use Qt's SSL stack.

Change-Id: Ib48f1ed7315c5bc66721ec87ee651d8372f07f71
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This commit is contained in:
Allan Sandfeld Jensen 2018-06-29 11:33:36 +02:00
parent 514972544a
commit a149659c5c
6 changed files with 46 additions and 28 deletions

View File

@ -125,7 +125,9 @@
#include "qssl_p.h"
#include "qsslcertificate.h"
#include "qsslcertificate_p.h"
#ifndef QT_NO_SSL
#include "qsslkey_p.h"
#endif
#include <QtCore/qdir.h>
#include <QtCore/qdiriterator.h>
@ -142,8 +144,12 @@ QT_BEGIN_NAMESPACE
QSslCertificate::QSslCertificate(QIODevice *device, QSsl::EncodingFormat format)
: d(new QSslCertificatePrivate)
{
#ifndef QT_NO_OPENSSL
QSslSocketPrivate::ensureInitialized();
if (device && QSslSocket::supportsSsl())
#else
if (device)
#endif
d->init(device->readAll(), format);
}
@ -156,8 +162,10 @@ QSslCertificate::QSslCertificate(QIODevice *device, QSsl::EncodingFormat format)
QSslCertificate::QSslCertificate(const QByteArray &data, QSsl::EncodingFormat format)
: d(new QSslCertificatePrivate)
{
#ifndef QT_NO_OPENSSL
QSslSocketPrivate::ensureInitialized();
if (QSslSocket::supportsSsl())
#endif
d->init(data, format);
}
@ -557,6 +565,8 @@ QList<QSslCertificate> QSslCertificate::fromData(const QByteArray &data, QSsl::E
: QSslCertificatePrivate::certificatesFromDer(data);
}
#ifndef QT_NO_SSL
/*!
Verifies a certificate chain. The chain to be verified is passed in the
\a certificateChain parameter. The first certificate in the list should
@ -600,6 +610,8 @@ bool QSslCertificate::importPkcs12(QIODevice *device,
return QSslSocketBackendPrivate::importPkcs12(device, key, certificate, caCertificates, passPhrase);
}
#endif
// These certificates are known to be fraudulent and were created during the comodo
// compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
static const char *const certificate_blacklist[] = {

View File

@ -55,8 +55,6 @@
#include <QtCore/qmap.h>
#include <QtNetwork/qssl.h>
#ifndef QT_NO_SSL
QT_BEGIN_NAMESPACE
class QDateTime;
@ -131,7 +129,9 @@ public:
QMultiMap<QSsl::AlternativeNameEntryType, QString> subjectAlternativeNames() const;
QDateTime effectiveDate() const;
QDateTime expiryDate() const;
#ifndef QT_NO_SSL
QSslKey publicKey() const;
#endif
QList<QSslCertificateExtension> extensions() const;
QByteArray toPem() const;
@ -146,6 +146,7 @@ public:
static QList<QSslCertificate> fromData(
const QByteArray &data, QSsl::EncodingFormat format = QSsl::Pem);
#ifndef QT_NO_SSL
#if QT_VERSION >= QT_VERSION_CHECK(6,0,0)
static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName = QString());
#else
@ -156,6 +157,7 @@ public:
QSslKey *key, QSslCertificate *cert,
QList<QSslCertificate> *caCertificates = nullptr,
const QByteArray &passPhrase=QByteArray());
#endif
Qt::HANDLE handle() const;
@ -178,6 +180,4 @@ QT_END_NAMESPACE
Q_DECLARE_METATYPE(QSslCertificate)
#endif // QT_NO_SSL
#endif

View File

@ -55,7 +55,9 @@
// We mean it.
//
#ifndef QT_NO_SSL
#include "qsslsocket_p.h"
#endif
#include "qsslcertificateextension.h"
#include <QtCore/qdatetime.h>
#include <QtCore/qmap.h>
@ -83,7 +85,9 @@ public:
QSslCertificatePrivate()
: null(true), x509(0)
{
#ifndef QT_NO_SSL
QSslSocketPrivate::ensureInitialized();
#endif
}
~QSslCertificatePrivate()

View File

@ -41,8 +41,10 @@
#include "qsslcertificate_p.h"
#include "qssl_p.h"
#ifndef QT_NO_SSL
#include "qsslkey.h"
#include "qsslkey_p.h"
#endif
#include "qsslcertificateextension.h"
#include "qsslcertificateextension_p.h"
#include "qasn1element_p.h"
@ -145,6 +147,7 @@ Qt::HANDLE QSslCertificate::handle() const
}
#endif
#ifndef QT_NO_SSL
QSslKey QSslCertificate::publicKey() const
{
QSslKey key;
@ -155,6 +158,7 @@ QSslKey QSslCertificate::publicKey() const
}
return key;
}
#endif
QList<QSslCertificateExtension> QSslCertificate::extensions() const
{

View File

@ -48,9 +48,6 @@
QT_BEGIN_NAMESPACE
#ifndef QT_NO_SSL
class QSslCertificateExtensionPrivate;
class Q_NETWORK_EXPORT QSslCertificateExtension
@ -80,8 +77,6 @@ private:
Q_DECLARE_SHARED(QSslCertificateExtension)
#endif // QT_NO_SSL
QT_END_NAMESPACE

View File

@ -1,11 +1,22 @@
# OpenSSL support; compile in QSslSocket.
HEADERS += ssl/qasn1element_p.h \
ssl/qssl.h \
ssl/qssl_p.h \
ssl/qsslcertificate.h \
ssl/qsslcertificate_p.h \
ssl/qsslcertificateextension.h \
ssl/qsslcertificateextension_p.h
SOURCES += ssl/qasn1element.cpp \
ssl/qssl.cpp \
ssl/qsslcertificate.cpp \
ssl/qsslcertificateextension.cpp
!qtConfig(openssl): SOURCES += ssl/qsslcertificate_qt.cpp
qtConfig(ssl) {
HEADERS += ssl/qasn1element_p.h \
ssl/qssl.h \
ssl/qssl_p.h \
ssl/qsslcertificate.h \
ssl/qsslcertificate_p.h \
ssl/qsslconfiguration.h \
HEADERS += ssl/qsslconfiguration.h \
ssl/qsslconfiguration_p.h \
ssl/qsslcipher.h \
ssl/qsslcipher_p.h \
@ -18,26 +29,19 @@ qtConfig(ssl) {
ssl/qsslsocket.h \
ssl/qsslsocket_p.h \
ssl/qsslpresharedkeyauthenticator.h \
ssl/qsslpresharedkeyauthenticator_p.h \
ssl/qsslcertificateextension.h \
ssl/qsslcertificateextension_p.h
SOURCES += ssl/qasn1element.cpp \
ssl/qssl.cpp \
ssl/qsslcertificate.cpp \
ssl/qsslconfiguration.cpp \
ssl/qsslpresharedkeyauthenticator_p.h
SOURCES += ssl/qsslconfiguration.cpp \
ssl/qsslcipher.cpp \
ssl/qssldiffiehellmanparameters.cpp \
ssl/qsslellipticcurve.cpp \
ssl/qsslkey_p.cpp \
ssl/qsslerror.cpp \
ssl/qsslsocket.cpp \
ssl/qsslpresharedkeyauthenticator.cpp \
ssl/qsslcertificateextension.cpp
ssl/qsslpresharedkeyauthenticator.cpp
winrt {
HEADERS += ssl/qsslsocket_winrt_p.h
SOURCES += ssl/qsslcertificate_qt.cpp \
ssl/qsslcertificate_winrt.cpp \
SOURCES += ssl/qsslcertificate_winrt.cpp \
ssl/qssldiffiehellmanparameters_dummy.cpp \
ssl/qsslkey_qt.cpp \
ssl/qsslkey_winrt.cpp \
@ -47,8 +51,7 @@ qtConfig(ssl) {
qtConfig(securetransport) {
HEADERS += ssl/qsslsocket_mac_p.h
SOURCES += ssl/qsslcertificate_qt.cpp \
ssl/qssldiffiehellmanparameters_dummy.cpp \
SOURCES += ssl/qssldiffiehellmanparameters_dummy.cpp \
ssl/qsslkey_qt.cpp \
ssl/qsslkey_mac.cpp \
ssl/qsslsocket_mac_shared.cpp \